From: Harlan Stenn <stenn@ntp.org>
Date: Wed, 30 Mar 2016 10:29:07 +0000 (+0000)
Subject: [Bug 2960] async name resolution fixes for chroot() environments.  Reinhard Max
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8f455eb2c51decc65aa158fe1367edc55bce4c37;p=thirdparty%2Fntp.git

[Bug 2960] async name resolution fixes for chroot() environments.  Reinhard Max

bk: 56fbaa736fBSWeY_7EVlGfQoDwKz3g
---

diff --git a/ChangeLog b/ChangeLog
index 276732f74..4fb749765 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,7 @@
 ---
 
+* [Bug 2960] async name resolution fixes for chroot() environments.
+  Reinhard Max.
 * [Bug 2994] Systems with HAVE_SIGNALED_IO fail to compile. perlinger@ntp.org
 * [Bug 2995] Fixes to compile on Windows
 * [Bug 2999] out-of-bounds access in 'is_safe_filename()'. perlinger@ntp.org
diff --git a/libntp/work_fork.c b/libntp/work_fork.c
index 96c550e98..1bbf6401d 100644
--- a/libntp/work_fork.c
+++ b/libntp/work_fork.c
@@ -451,7 +451,7 @@ fork_blocking_child(
 		}
 	}
 
-#ifdef HAVE_DROPROOT
+#if defined(HAVE_DROPROOT) && !defined(NEED_EARLY_FORK)
 	/* defer the fork until after root is dropped */
 	if (droproot && !root_dropped)
 		return;
diff --git a/ntpd/ntp_timer.c b/ntpd/ntp_timer.c
index 78c81b620..9ee35f812 100644
--- a/ntpd/ntp_timer.c
+++ b/ntpd/ntp_timer.c
@@ -276,6 +276,12 @@ intres_timeout_req(
 	u_int	seconds		/* 0 cancels */
 	)
 {
+#if defined(HAVE_DROPROOT) && defined(NEED_EARLY_FORK)
+	if (droproot) {
+		worker_idle_timer = 0;
+		return;
+	}
+#endif
 	if (0 == seconds) {
 		worker_idle_timer = 0;
 		return;
diff --git a/ntpd/ntpd.c b/ntpd/ntpd.c
index 2c7f02ec5..9c6f94740 100644
--- a/ntpd/ntpd.c
+++ b/ntpd/ntpd.c
@@ -332,6 +332,16 @@ my_pthread_warmup(void)
 
 #endif /*defined(NEED_PTHREAD_WARMUP)*/
 
+#ifdef NEED_EARLY_FORK
+static void
+dummy_callback(void) { return; }
+
+static void
+fork_nonchroot_worker(void) {
+	getaddrinfo_sometime("localhost", "ntp", NULL, INITIAL_DNS_RETRY,
+			     (gai_sometime_callback)&dummy_callback, NULL);
+}
+#endif /* NEED_EARLY_FORK */
 
 void
 parse_cmdline_opts(
@@ -931,6 +941,11 @@ ntpdmain(
 
 # ifdef HAVE_DROPROOT
 	if (droproot) {
+
+#ifdef NEED_EARLY_FORK
+		fork_nonchroot_worker();
+#endif
+
 		/* Drop super-user privileges and chroot now if the OS supports this */
 
 #  ifdef HAVE_LINUX_CAPABILITIES
diff --git a/sntp/m4/ntp_libntp.m4 b/sntp/m4/ntp_libntp.m4
index 01d82fcd5..1263423ed 100644
--- a/sntp/m4/ntp_libntp.m4
+++ b/sntp/m4/ntp_libntp.m4
@@ -163,6 +163,7 @@ case "$host" in
 	# include <sys/socket.h>
 	#endif
     ])
+    AC_DEFINE([NEED_EARLY_FORK], [1], [having to fork the DNS worker early when doing chroot?])
 esac
 
 AC_CHECK_HEADERS([arpa/nameser.h sys/param.h sys/time.h sys/timers.h])